Samba 4.9.1 Password sync with CentOS7 root Password - compilation

What I NEED
Change root's password by using passwd
samba password sync with root new password, automatically.
P.S. Change from CentOS password to Samba password, but NOT the opposite.
Base Environment
OS: CentOS7
Samba Version: 4.9.1
Deployment: Source Compilation
Source Compilation of Samba
chmod 777 samba-4.9.1.tar.gz
tar -zxf samba-4.9.1.tar.gz
cd samba-4.9.1
./configure --without-ad-dc --sbindir=/usr/sbin/ --sysconfdir=/etc/samba/ --mandir=/usr/share/man/
make -j 4
sudo make install
P.S. No AD DC, No LDAP Password
smb.conf
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
server signing = mandatory
client signing = required
[chenjian]
comment = CHENJIAN Directories
path = /home/chenjian
guest ok = no
browseable = yes
writable = yes
What I have TRIED
samba sync password with unix password on debian wheezy
Neither libpam-winbind nor libpam-smbpass can be found in CentOS7;
Change the file of /etc/pam.d/system-auth, like:
password requisite pam_unix.so nullok obscure min=4 max=8 md5
password required pam_smbpass.so nullok use_authtok try_first_pass
but there is NO pam_smbpass.so in CentOS7 after source compiling.
Encrypted Passwords
By using the shell of samba-4.9.1/source3/script/mksmbpasswd.sh
smb.conf using passdb backend = smbpasswd
Add smb passwd file = /etc/samba/smbpasswd
But,
HOW to change the file of smbpasswd automatically?
There is NO pam_smbpass.so, either.

Related

svnsync with source repository password

The source repository (UTILITIES) has anon-access = none specified requiring a password to access it. A user has been setup svnsync = sourcepass to use for syncing.
But how do I tell svnsync the username and password?
SYNCUSER=svnsync
SRCPASS=sourcepass
DESTPASS=destpass
svnsync init --non-interactive \
--sync-username $SYNCUSER --sync-password $DESTPASS \
--no-auth-cache \
"file://path/to/UTILITIES" "svn://svn.company.com/UTILITIES"
If I run without --non-interactive, it will prompt me to login to the source repository.
Note: the reason for --non-interactive is because initialisation of the mirror is handled by a daemon.
See: http://svnbook.red-bean.com/en/1.7/svn.ref.svnsync.c.init.html
One option is to pre-cache authentication, which is what I am currently doing.
$ svn info svn://svn.company.com/UTILITIES
Username: svnsync
Password: sourcepass
Store password unencrypted (yes/no)? yes
svnsync can then access the repository in --non-interactive mode.

How to install SSL / TLS certificate CA file in Mac for secure (HTTPS) remote repository docker login

I have set up or have been provided with a secured URL (HTTPS) to a remote Docker registry. I need to perform docker login into the remote registry in order to be able to push my locally built Docker images.
The command would be something like:
docker login -u myUser https://registry.mydomain.example.com
However, docker login fails with x509 certificate verification error like:
Error response from daemon: Get https://registry.mydomain.example.com/v2/: x509: certificate signed by unknown authority
I'm using macOS / OS X, how can I get my local Docker (Docker client) to accept remote repository's TLS certificate for HTTPS traffic?
Also, once the secure HTTPS connection works, how do I build and push my image to the remote repository, after I've written the Dockerfile and tested locally that my image works?
Unlike the Docker documentation's link regarding this matter specifically mentions, the Linux/Unix instructions work for macOS / OS X as well:
https://docs.docker.com/engine/security/certificates/
I got the instructions below working on a MacBook Pro running macOS High Sierra 10.13.5 (17F77)
Docker client (local Docker) version: 18.03.1-ce
Place the Certificate Authority (CA) file, provided by the remote registry admin, into the specific folder structure via terminal commands:
sudo mkdir -p /etc/docker/certs.d/registry.mydomain.example.com
sudo cp ca.crt /etc/docker/certs.d/registry.mydomain.example.com
Note: If you are using URL with port to connect to the registry, the port needs to be included in the foldername under certs.d folder. The URL can also be in the form of IP:
sudo mkdir -p /etc/docker/certs.d/registry.mydomain.example.com:443
sudo mkdir -p /etc/docker/certs.d/172.123.123.1:443
EDIT TO ADD!
I tested this with a co-worker and it was discovered that addition of the CA file into macOS Keychain was required (I had also done this previously). It is currently unknown if the above /etc/docker steps are even required on Mac. We used this guide to import ca.crt file into the Keychain (visible as "not trusted" at Certificates menu).
https://www.sslsupportdesk.com/how-to-import-a-certificate-into-mac-os/
Afterwards, restart your local Docker.
Docker login should work normally afterwards. If you still keep getting the x509 unknown authority error, it might be a good idea to verify the remote registry's server certificate's (obtainable e.g. by navigating to the registry's URL with browser) validity against the CA file, using openssl commands:
https://www.sslshopper.com/article-most-common-openssl-commands.html
Below is an example if working with OpenShift integrated (Atomic) registry:
oc login https://registry.mydomain.example.com -u myUser --certificate-authority=ca.crt
docker login -u $(oc whoami) -p $(oc whoami -t) https://registry.mydomain.example.com
You should get a prompt that Login Succeeded, then:
docker build -t registry.mydomain.example.com/openshiftProject/my-image:1.0 .
docker push registry.mydomain.example.com/openshiftProject/my-image:1.0
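An added example, not part of the original answer or of Docker: a Python check that performs the TLS handshake with the registry while trusting only ca.crt, which is the validity check the answer suggests doing with openssl, and that computes where ca.crt belongs under certs.d. The function names and the 5-second timeout are assumptions made for this example.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

CERTS_ROOT = "/etc/docker/certs.d"  # directory used in the steps above


def registry_endpoint(registry):
    """Return (host, port, certs.d folder name) for a registry URL or host[:port]."""
    if "://" not in registry:
        registry = "https://" + registry
    parts = urlsplit(registry)
    host = parts.hostname
    # The folder name carries the port only when the URL does.
    folder = host if parts.port is None else f"{host}:{parts.port}"
    return host, parts.port or 443, folder


def ca_path(registry):
    """Path where the steps above place ca.crt for this registry."""
    return f"{CERTS_ROOT}/{registry_endpoint(registry)[2]}/ca.crt"


def check_registry_ca(registry, ca_file, timeout=5.0):
    """Handshake with the registry trusting only ca_file; return (ok, detail)."""
    host, port, _ = registry_endpoint(registry)
    try:
        # With cafile given, the system trust store is not loaded.
        ctx = ssl.create_default_context(cafile=ca_file)
    except (OSError, ssl.SSLError) as exc:
        return False, f"cannot load CA file {ca_file}: {exc}"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                subject = dict(x[0] for x in tls.getpeercert()["subject"])
                return True, f"chain verifies; subject CN={subject.get('commonName')}"
    except ssl.SSLCertVerificationError as exc:
        # e.g. unknown issuer, hostname mismatch or an expired certificate
        return False, f"verify error {exc.verify_code}: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__" and len(sys.argv) == 3:
    ok, detail = check_registry_ca(sys.argv[1], sys.argv[2])
    print(ca_path(sys.argv[1]), "OK" if ok else "FAIL", detail)
```

Run it as a script with the registry URL and the path to ca.crt; a verify error here means the CA file does not match the certificate the registry actually serves.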

installing postgres-xl in linux in distributed environment

I am very new to postgres-xl. I am planning to use it in my application. There is no proper documentation on how to download and install it in distributed mode. Please guide me: where to download it from, how to install and configure it, what the dependent packages are for CentOS 6 to support postgres-xl, which services need to be started and how to start them, and what configuration changes are needed for a distributed environment. In a distributed environment, which services need to be started, and how? Please guide me. Thanks..!
Following are key points to install Postgres-XL.
Detailed information, please see https://ruihaijiang.wordpress.com/2015/09/17/postgres-xl-installation-example-on-linux/
1. Plan your hosts, IP, ports, etc. For example,
GTM:
hostname=host1
nodename=gtm
IP=192.168.187.130
port=6666
Coordinator:
hostname=host2
nodename=coord1
IP=192.168.187.131
pooler_port=6668,port=5432
Datanode1:
hostname=host3
nodename=datanode1
IP=192.168.187.132
pooler_port=6669, port=15432
Datanode2:
hostname=host4
nodename=datanode2
IP=192.168.187.133
pooler_port=6670, port=15433
2. Write your pgxc_ctl.conf
#user and path
pgxcOwner=postgres
pgxcUser=$pgxcOwner
pgxcInstallDir=/usr/local/pgsql
#gtm and gtmproxy
gtmMasterDir=$HOME/pgxc/nodes/gtm
gtmMasterPort=6666
gtmMasterServer=192.168.187.130
gtmSlave=n
#gtm proxy
gtmProxy=n
#coordinator
coordMasterDir=$HOME/pgxc/nodes/coord
coordNames=(coord1)
coordPorts=(5432)
poolerPorts=(6668)
coordPgHbaEntries=(192.168.187.0/24)
coordMasterServers=(192.168.187.131)
coordMasterDirs=($coordMasterDir/coord1)
coordMaxWALsernder=0
coordMaxWALSenders=($coordMaxWALsernder)
coordSlave=n
coordSpecificExtraConfig=(none none none)
coordSpecificExtraPgHba=(none none none)
#datanode
datanodeNames=(datanode1 datanode2)
datanodePorts=(15432 15433)
datanodePoolerPorts=(6669 6670)
datanodePgHbaEntries=(192.168.187.0/24)
datanodeMasterServers=(192.168.187.132 192.168.187.133)
datanodeMasterDir=$HOME/pgxc/nodes/dn_master
datanodeMasterDirs=($datanodeMasterDir/datanode1 $datanodeMasterDir/datanode2)
datanodeMaxWalSender=0
datanodeMaxWALSenders=($datanodeMaxWalSender $datanodeMaxWalSender)
datanodeSlave=n
primaryDatanode=datanode1
3. Configure ssh authentication to avoid inputting a password for pgxc_ctl
This really cost me a few days.
On host1, generate the authentication key file,
ssh-keygen -t rsa (Just press ENTER for all input values)
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
On host1, upload the file authorized_keys to host2, host3 and host4, as follows,
scp ~/.ssh/authorized_keys postgres@192.168.187.131:~/.ssh/
scp ~/.ssh/authorized_keys postgres@192.168.187.132:~/.ssh/
scp ~/.ssh/authorized_keys postgres@192.168.187.133:~/.ssh/
On every host, run following commands,
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
On host1, try to connect to host2, host3 and host4, and make sure no password is needed,
ssh postgres@192.168.187.131
ssh postgres@192.168.187.132
ssh postgres@192.168.187.133
4. Run pgxc_ctl to configure and start the cluster
At host1, run following command:
pgxc_ctl init all

Locked out of postgresql

createdb foo gives an invalid password for user (my username)
I can't login with
sudo psql
How do I reset my postgres user accounts?
Is it something I can do in the hba_conf file?
EDIT:
I was beginning a Postgres tutorial and wanted to have a fresh install. I ran
brew update
brew uninstall postgresql
brew install postgresql
pg_ctl -D some/path
createdb
This could be two things: you lost/misset the password, or Postgres might be configured in a way that prevents you from logging in.
Resetting the password:
Most of the time Postgres runs as user "postgres". Try su - postgres as root, and then run psql. If that doesn't work, you'll need to figure out what user postgres is running as, and su to that user. From there you can reset the password for the user. Also, make sure that your user is allowed to log in -- the default is to disable login for a new role.
Changing the configuration:
Find the pg_hba.conf file and edit it to permit password login. This file is usually located in /var/lib somewhere. On my Scientific Linux server it's at: /var/lib/pgsql/9.2/data/pg_hba.conf, but on my Gentoo server it's at /etc/postgresql-9.3/pg_hba.conf -- so locate pg_hba.conf might help you find it. This file is usually fairly well commented, and there is a manual page for it here: http://www.postgresql.org/docs/devel/static/auth-pg-hba-conf.html.

How to fill in proxy information in cntlm config file?

Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world.
I have my proxy URL in the following format:
http://user:passwords@my_proxy_server.com:80
And I have to provide this information to cntlm. Its config file cntlm.ini has following structure and parameters:
Username
Domain
Password
Proxy
I am not sure, how to break up my original proxy property to fill these four options?
Update your user, domain, and proxy information in cntlm.ini, then test your proxy with this command (run in your Cntlm installation folder):
cntlm -c cntlm.ini -I -M http://google.ro
It will ask for your password, and hopefully print your required authentication information, which must be saved in your cntlm.ini
Sample cntlm.ini:
Username user
Domain domain
# provide actual value if autodetection fails
# Workstation pc-name
Proxy my_proxy_server.com:80
NoProxy 127.0.0.*, 192.168.*
Listen 127.0.0.1:54321
Listen 192.168.1.42:8080
Gateway no
SOCKS5Proxy 5000
# provide socks auth info if you want it
# SOCKS5User socks-user:socks-password
# printed authentication info from the previous step
Auth NTLMv2
PassNTLMv2 98D6986BCFA9886E41698C1686B58A09
Note: on linux the config file is cntlm.conf
The solution takes two steps!
First, complete the user, domain, and proxy fields in cntlm.ini. The username and domain should probably be whatever you use to log in to Windows at your office, eg.
Username employee1730
Domain corporate
Proxy proxy.infosys.corp:8080
Then test cntlm with a command such as
cntlm.exe -c cntlm.ini -I -M http://www.bbc.co.uk
It will ask for your password (again whatever you use to log in to Windows). Hopefully it will print 'http 200 ok' somewhere, and print some cryptic tokens with your authentication information. Now add these to cntlm.ini, eg:
Auth NTLM
PassNT A2A7104B1CE00000000000000007E1E1
PassLM C66000000000000000000000008060C8
Finally, set the http_proxy environment variable in Windows (assuming you didn't change with the Listen field which by default is set to 3128) to the following
http://localhost:3128
Without any configuration, you can simply issue the following command (modifying myusername and mydomain with your own information):
cntlm -u myusername -d mydomain -H
or
cntlm -u myusername@mydomain -H
It will ask you the password of myusername and will give you the following output:
PassLM 1AD35398BE6565DDB5C4EF70C0593492
PassNT 77B9081511704EE852F94227CF48A793
PassNTLMv2 A8FC9092D566461E6BEA971931EF1AEC # Only for user 'myusername', domain 'mydomain'
Then create the file cntlm.ini (or cntlm.conf on Linux using default path) with the following content (replacing your myusername, mydomain and A8FC9092D566461E6BEA971931EF1AEC with your information and the result of the previous command):
Username myusername
Domain mydomain
Proxy my_proxy_server.com:80
NoProxy 127.0.0.*, 192.168.*
Listen 127.0.0.1:5865
Gateway yes
SOCKS5Proxy 5866
Auth NTLMv2
PassNTLMv2 A8FC9092D566461E6BEA971931EF1AEC
Then you will have a local open proxy on local port 5865 and another one understanding SOCKS5 protocol at local port 5866.
Here is a guide on how to use cntlm
What is cntlm?
cntlm is an NTLM/NTLMv2 authenticating HTTP proxy
It takes the address of your proxy and opens a listening socket, forwarding each request to the parent proxy
Why cntlm?
Using cntlm we make it possible to run tools like choco, pip3, apt-get from a command line
pip3 install requests
choco install git
The main advantage of cntlm is password protection.
With cntlm you can use password hashes.
So NO PLAINTEXT PASSWORD in %HTTP_PROXY% and %HTTPS_PROXY% environment variables
Install cntlm
You can get the latest cntlm release from sourceforge
Note! Username and domain
My username is zezulinsky
My domain is local
When I run commands I use zezulinsky@local
Place your username when you run commands
Generate password hash
Run a command
cntlm -u zezulinsky@local -H
Enter your password:
Password:
As a result you are getting hashed password:
PassLM AB7D42F42QQQQ407552C4BCA4AEBFB11
PassNT PE78D847E35FA7FA59710D1231AAAF99
PassNTLMv2 46738B2E607F9093296AA4C319C3A259
Verify your generated hash is valid
Run a command
cntlm -u zezulinsky@local -M http://google.com
Enter your password
Password:
The result output
Config profile 1/4... OK (HTTP code: 301)
----------------------------[ Profile 0 ]------
Auth NTLMv2
PassNTLMv2 46738B2E607F9093296AA4C319C3A259
------------------------------------------------
Note! check that PassNTLMv2 hash is the same
The resulting hash is the same for both commands
PassNTLMv2 46738B2E607F9093296AA4C319C3A259
Change configuration file
Place generated hashes into the cntlm.ini configuration file
C:\Program Files (x86)\Cntlm\cntlm.ini
Here is what your cntlm.ini should look like
Username zezulinsky
Domain local
PassLM AB7D42F42QQQQ407552C4BCA4AEBFB11
PassNT PE78D847E35FA7FA59710D1231AAAF99
PassNTLMv2 46738B2E607F9093296AA4C319C3A259
Proxy PROXYSERVER:8080
NoProxy localhost, 127.0.0.*
Listen 3128
Note! newline at the end of cntlm.ini
It is important to add a newline at the end of the cntlm.ini configuration file
Set your environment variables
HTTPS_PROXY=http://localhost:3128
HTTP_PROXY=http://localhost:3128
Check that your cntlm works
Stop all the processes named cntlm.exe with process explorer
Run the command
cntlm -u zezulinsky@local -H
The output looks like
cygwin warning:
MS-DOS style path detected: C:\Program Files (x86)\Cntlm\cntlm.ini
Preferred POSIX equivalent is: /Cntlm/cntlm.ini
CYGWIN environment variable option "nodosfilewarning" turns off this warning.
Consult the user's guide for more details about POSIX paths:
http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
section: local, Username = 'zezulinsky'
section: local, Domain = 'local'
section: local, PassLM = 'AB7D42F42QQQQ407552C4BCA4AEBFB11'
section: local, PassNT = 'PE78D847E35FA7FA59710D1231AAAF99'
section: local, PassNTLMv2 = '46738B2E607F9093296AA4C319C3A259'
section: local, Proxy = 'PROXYSERVER:8080'
section: local, NoProxy = 'localhost, 10.*, 127.0.0.*
section: local, Listen = '3128'
Default config file opened successfully
cntlm: Proxy listening on 127.0.0.1:3128
Adding no-proxy for: 'localhost'
Adding no-proxy for: '10.*'
Adding no-proxy for: '127.0.0.*'
cntlm: Workstation name used: MYWORKSTATION
cntlm: Using following NTLM hashes: NTLMv2(1) NT(0) LM(0)
cntlm: PID 1234: Cntlm ready, staying in the foreground
Open a new cmd and run a command:
pip3 install requests
You should have requests python package installed
Restart your machine
Congrats, now you have cntlm installed and configured
Just to add, if you are performing a "pip" operation, you might need to add an additional "--proxy=localhost:port_number"
e.g. pip install --proxy=localhost:3128 matplotlib
Visit this link to see full details.
Once you generated the file, and changed your password, you can run as below,
cntlm -H
Username will be the same. It will ask for the password; give it, then copy the PassNTLMv2, edit the cntlm.ini, then just run the following
cntlm -v
Thank you Sasha Zezulinsky.
In windows:
I used
SET HTTPS_PROXY=http://localhost:3128
When it was set to
SET HTTPS_PROXY=http://127.0.0.1:3128, it never worked.
Below posts are also very helpful.
How to use pip on windows behind an authenticating proxy
For me just using cntlm -H wasn't generating the right hash, but it does with the command below providing the user name.
If you need to generate a new password hash for cntlm, because you have changed it or you've been forced to update it, you can just type the below command and update your cntlm.conf configuration file with the output:
$ cntlm -u test -H
Password:
PassLM D2AABAF8828482D5552C4BCA4AEBFB11
PassNT 83AC305A1582F064C469755F04AE5C0A
PassNTLMv2 4B80D9370D353EE006D714E39715A5CB # Only for user 'test', domain ''
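
An added example (not from any of the answers above, and not part of Cntlm): a small Python audit of a cntlm.ini / cntlm.conf that reports stored secrets and listeners that other hosts can reach. It assumes the rule from the Cntlm manual that a port given without a source address binds loopback unless Gateway is yes; `parse`, `audit` and the placeholder hash are names made up for this example.

```python
import ipaddress

# The "Gateway yes" configuration from this page; the hash value is a placeholder.
SAMPLE = """\
Username myusername
Domain mydomain
Proxy my_proxy_server.com:80
Listen 127.0.0.1:5865
Gateway yes
SOCKS5Proxy 5866
Auth NTLMv2
PassNTLMv2 HASH_PRINTED_BY_CNTLM  # Only for user 'myusername'
"""


def parse(text):
    """Return [(keyword, value)] with comments and blank lines removed."""
    rows = (line.split("#", 1)[0].split(None, 1) for line in text.splitlines())
    return [(r[0], r[1].strip() if len(r) > 1 else "") for r in rows if r]


def audit(text):
    """Return findings on stored secrets and on listeners other hosts can reach."""
    entries = parse(text)
    keys = {k for k, _ in entries}
    gateway = ("Gateway", "yes") in [(k, v.lower()) for k, v in entries]
    acl = " (no Allow/Deny rules)" if not keys & {"Allow", "Deny"} else ""
    findings = []
    if "Password" in keys:
        findings.append("plaintext Password stored; use hashes from cntlm -H")
    if "PassNTLMv2" in keys and keys & {"PassLM", "PassNT"}:
        # Each stored hash authenticates as the user, so keep the minimum.
        findings.append("PassLM/PassNT stored beside PassNTLMv2; keep only the hash Auth uses")
    for key, value in entries:
        if key not in ("Listen", "SOCKS5Proxy"):
            continue
        addr, sep, _port = value.rpartition(":")
        if not sep:
            exposed = gateway  # bare port: loopback unless Gateway yes
        else:
            try:
                exposed = not ipaddress.ip_address(addr).is_loopback
            except ValueError:
                exposed = addr != "localhost"
        if exposed:
            findings.append(f"{key} {value} is reachable from other hosts{acl}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it flags the SOCKS5 port rather than the HTTP listener, because only the HTTP listener is pinned to 127.0.0.1.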
